/mandos/trunk : revision 24.1.63

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.c

Committer: Björn Påhlsson
Date: 2008-08-24 10:19:59 UTC
mfrom: (98 mandos)
mto: (24.1.154 mandos) (237.4.3 mandos-release)
mto: This revision was merged to the branch mainline in revision 99.
Revision ID: belorn@braxen-20080824101959-cbs6x05jwgqrlp2s

merge + fallback bugg

files added:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files removed:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

files renamed:
server.py => mandos

server.conf => mandos.conf

plugbasedclient.c => plugin-runner.c

plugins.d/passprompt.c => plugins.d/password-prompt.c

plugins.d/mandosclient.c => plugins.d/password-request.c

files modified:
Makefile

TODO

clients.conf

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.c

* along with this program. If not, see

* <http://www.gnu.org/licenses/>.

* Contact the authors at <https://www.fukt.bsnet.se/~belorn/> and

* <https://www.fukt.bsnet.se/~teddy/>.

* Contact the authors at <mandos@fukt.bsnet.se>.

/* Needed by GPGME, specifically gpgme_data_seek() */

#define _LARGEFILE_SOURCE

#define _FILE_OFFSET_BITS 64

#include <stdio.h>

#include <assert.h>

#include <stdlib.h>

#include <time.h>

#include <net/if.h> /* if_nametoindex */

#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */

#include <stdio.h> /* fprintf(), stderr, fwrite(),

stdout, ferror() */

#include <stdint.h> /* uint16_t, uint32_t */

#include <stddef.h> /* NULL, size_t, ssize_t */

#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,

srand() */

#include <stdbool.h> /* bool, true */

#include <string.h> /* memset(), strcmp(), strlen(),

strerror(), asprintf(), strcpy() */

#include <sys/ioctl.h> /* ioctl */

#include <sys/types.h> /* socket(), inet_pton(), sockaddr,

sockaddr_in6, PF_INET6,

SOCK_STREAM, INET6_ADDRSTRLEN,

uid_t, gid_t */

#include <inttypes.h> /* PRIu16 */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton(),

connect() */

#include <assert.h> /* assert() */

#include <errno.h> /* perror(), errno */

#include <time.h> /* time() */

#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,

SIOCSIFFLAGS, if_indextoname(),

if_nametoindex(), IF_NAMESIZE */

#include <unistd.h> /* close(), SEEK_SET, off_t, write(),

getuid(), getgid(), setuid(),

setgid() */

#include <netinet/in.h>

#include <arpa/inet.h> /* inet_pton(), htons */

#include <iso646.h> /* not, and */

#include <argp.h> /* struct argp_option, error_t, struct

argp_state, struct argp,

argp_parse(), ARGP_KEY_ARG,

ARGP_KEY_END, ARGP_ERR_UNKNOWN */

/* Avahi */

/* All Avahi types, constants and functions

Avahi*, avahi_*,

AVAHI_* */

#include <avahi-core/core.h>

#include <avahi-core/lookup.h>

#include <avahi-core/log.h>

#include <avahi-common/malloc.h>

#include <avahi-common/error.h>

//mandos client part

#include <sys/types.h> /* socket(), inet_pton() */

#include <sys/socket.h> /* socket(), struct sockaddr_in6,

struct in6_addr, inet_pton() */

#include <gnutls/gnutls.h> /* All GnuTLS stuff */

#include <gnutls/openpgp.h> /* GnuTLS with openpgp stuff */

#include <unistd.h> /* close() */

#include <netinet/in.h>

#include <stdbool.h> /* true */

#include <string.h> /* memset */

#include <arpa/inet.h> /* inet_pton() */

#include <iso646.h> /* not */

// gpgme

#include <errno.h> /* perror() */

#include <gpgme.h>

// getopt long

#include <getopt.h>

#ifndef CERT_ROOT

#define CERT_ROOT "/conf/conf.d/cryptkeyreq/"

#endif

#define CERTFILE CERT_ROOT "openpgp-client.txt"

#define KEYFILE CERT_ROOT "openpgp-client-key.txt"

/* GnuTLS */

#include <gnutls/gnutls.h> /* All GnuTLS types, constants and

functions:

gnutls_*

init_gnutls_session(),

GNUTLS_* */

#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),

GNUTLS_OPENPGP_FMT_BASE64 */

/* GPGME */

#include <gpgme.h> /* All GPGME types, constants and

functions:

gpgme_*

GPGME_PROTOCOL_OpenPGP,

GPG_ERR_NO_* */

#define BUFFER_SIZE 256

#define DH_BITS 1024

100

101

bool debug = false;

102

static const char *keydir = "/conf/conf.d/mandos";

103

static const char mandos_protocol_version[] = "1";

104

const char *argp_program_version = "password-request 1.0";

105

const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";

106

107

/* Used for passing in values through the Avahi callback functions */

108

typedef struct {

gnutls_session_t session;

109

AvahiSimplePoll *simple_poll;

110

AvahiServer *server;

111

gnutls_certificate_credentials_t cred;

112

unsigned int dh_bits;

113

gnutls_dh_params_t dh_params;

} encrypted_session;

ssize_t pgp_packet_decrypt (char *packet, size_t packet_size,

char **new_packet, const char *homedir){

114

const char *priority;

115

} mandos_context;

116

117

118

* Make room in "buffer" for at least BUFFER_SIZE additional bytes.

119

* "buffer_capacity" is how much is currently allocated,

120

* "buffer_length" is how much is already used.

121

122

size_t adjustbuffer(char **buffer, size_t buffer_length,

123

size_t buffer_capacity){

124

if (buffer_length + BUFFER_SIZE > buffer_capacity){

125

*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);

126

if (buffer == NULL){

127

return 0;

128

}

129

buffer_capacity += BUFFER_SIZE;

130

}

131

return buffer_capacity;

132

}

133

134

135

* Decrypt OpenPGP data using keyrings in HOMEDIR.

136

* Returns -1 on error

137

138

static ssize_t pgp_packet_decrypt (const char *cryptotext,

139

size_t crypto_size,

140

char **plaintext,

141

const char *homedir){

142

gpgme_data_t dh_crypto, dh_plain;

143

gpgme_ctx_t ctx;

144

gpgme_error_t rc;

145

ssize_t ret;

ssize_t new_packet_capacity = 0;

ssize_t new_packet_length = 0;

146

size_t plaintext_capacity = 0;

147

ssize_t plaintext_length = 0;

148

gpgme_engine_info_t engine_info;

149

150

if (debug){

fprintf(stderr, "Trying to decrypt OpenPGP packet\n");

151

fprintf(stderr, "Trying to decrypt OpenPGP data\n");

152

}

100

153

101

154

/* Init GPGME */

102

155

gpgme_check_version(NULL);

103

gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

156

rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

157

if (rc != GPG_ERR_NO_ERROR){

158

fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",

159

gpgme_strsource(rc), gpgme_strerror(rc));

160

return -1;

161

}

104

162

105

/* Set GPGME home directory */

163

/* Set GPGME home directory for the OpenPGP engine only */

106

164

rc = gpgme_get_engine_info (&engine_info);

107

165

if (rc != GPG_ERR_NO_ERROR){

108

166

fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",

118

176

engine_info = engine_info->next;

119

177

}

120

178

if(engine_info == NULL){

121

fprintf(stderr, "Could not set home dir to %s\n", homedir);

179

fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);

122

180

return -1;

123

181

}

124

182

125

/* Create new GPGME data buffer from packet buffer */

126

rc = gpgme_data_new_from_mem(&dh_crypto, packet, packet_size, 0);

183

/* Create new GPGME data buffer from memory cryptotext */

184

rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,

185

0);

127

186

if (rc != GPG_ERR_NO_ERROR){

128

187

fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",

129

188

gpgme_strsource(rc), gpgme_strerror(rc));

135

194

if (rc != GPG_ERR_NO_ERROR){

136

195

fprintf(stderr, "bad gpgme_data_new: %s: %s\n",

137

196

gpgme_strsource(rc), gpgme_strerror(rc));

197

gpgme_data_release(dh_crypto);

138

198

return -1;

139

199

}

140

200

143

203

if (rc != GPG_ERR_NO_ERROR){

144

204

fprintf(stderr, "bad gpgme_new: %s: %s\n",

145

205

gpgme_strsource(rc), gpgme_strerror(rc));

146

return -1;

206

plaintext_length = -1;

207

goto decrypt_end;

147

208

}

148

209

149

/* Decrypt data from the FILE pointer to the plaintext data

150

buffer */

210

/* Decrypt data from the cryptotext data buffer to the plaintext

211

data buffer */

151

212

rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);

152

213

if (rc != GPG_ERR_NO_ERROR){

153

214

fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",

154

215

gpgme_strsource(rc), gpgme_strerror(rc));

155

return -1;

216

plaintext_length = -1;

217

goto decrypt_end;

156

218

}

157

219

158

220

if(debug){

159

fprintf(stderr, "Decryption of OpenPGP packet succeeded\n");

221

fprintf(stderr, "Decryption of OpenPGP data succeeded\n");

160

222

}

161

223

162

224

if (debug){

163

225

gpgme_decrypt_result_t result;

164

226

result = gpgme_op_decrypt_result(ctx);

167

229

} else {

168

230

fprintf(stderr, "Unsupported algorithm: %s\n",

169

231

result->unsupported_algorithm);

170

fprintf(stderr, "Wrong key usage: %d\n",

232

fprintf(stderr, "Wrong key usage: %u\n",

171

233

result->wrong_key_usage);

172

234

if(result->file_name != NULL){

173

235

fprintf(stderr, "File name: %s\n", result->file_name);

188

250

}

189

251

}

190

252

191

/* Delete the GPGME FILE pointer cryptotext data buffer */

192

gpgme_data_release(dh_crypto);

193

194

253

/* Seek back to the beginning of the GPGME plaintext data buffer */

195

gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET);

196

197

*new_packet = 0;

254

if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){

255

perror("pgpme_data_seek");

256

plaintext_length = -1;

257

goto decrypt_end;

258

}

259

260

*plaintext = NULL;

198

261

while(true){

199

if (new_packet_length + BUFFER_SIZE > new_packet_capacity){

200

*new_packet = realloc(*new_packet,

201

(unsigned int)new_packet_capacity

202

+ BUFFER_SIZE);

203

if (*new_packet == NULL){

204

perror("realloc");

205

return -1;

206

}

207

new_packet_capacity += BUFFER_SIZE;

262

plaintext_capacity = adjustbuffer(plaintext,

263

(size_t)plaintext_length,

264

plaintext_capacity);

265

if (plaintext_capacity == 0){

266

perror("adjustbuffer");

267

plaintext_length = -1;

268

goto decrypt_end;

208

269

}

209

270

210

ret = gpgme_data_read(dh_plain, *new_packet + new_packet_length,

271

ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,

211

272

BUFFER_SIZE);

212

273

/* Print the data, if any */

213

274

if (ret == 0){

275

/* EOF */

214

276

break;

215

277

}

216

278

if(ret < 0){

217

279

perror("gpgme_data_read");

218

return -1;

280

plaintext_length = -1;

281

goto decrypt_end;

219

282

}

220

new_packet_length += ret;

283

plaintext_length += ret;

221

284

}

222

285

223

/* FIXME: check characters before printing to screen so to not print

224

terminal control characters */

225

/* if(debug){ */

226

/* fprintf(stderr, "decrypted password is: "); */

227

/* fwrite(*new_packet, 1, new_packet_length, stderr); */

228

/* fprintf(stderr, "\n"); */

229

/* } */

286

if(debug){

287

fprintf(stderr, "Decrypted password is: ");

288

for(ssize_t i = 0; i < plaintext_length; i++){

289

fprintf(stderr, "%02hhX ", (*plaintext)[i]);

290

}

291

fprintf(stderr, "\n");

292

}

293

294

decrypt_end:

295

296

/* Delete the GPGME cryptotext data buffer */

297

gpgme_data_release(dh_crypto);

230

298

231

299

/* Delete the GPGME plaintext data buffer */

232

300

gpgme_data_release(dh_plain);

233

return new_packet_length;

301

return plaintext_length;

234

302

}

235

303

236

304

static const char * safer_gnutls_strerror (int value) {

237

const char *ret = gnutls_strerror (value);

305

const char *ret = gnutls_strerror (value); /* Spurious warning */

238

306

if (ret == NULL)

239

307

ret = "(unknown)";

240

308

return ret;

241

309

}

242

310

243

void debuggnutls(__attribute__((unused)) int level,

244

const char* string){

245

fprintf(stderr, "%s", string);

311

/* GnuTLS log function callback */

312

static void debuggnutls(__attribute__((unused)) int level,

313

const char* string){

314

fprintf(stderr, "GnuTLS: %s", string);

246

315

}

247

316

248

int initgnutls(encrypted_session *es){

249

const char *err;

317

static int init_gnutls_global(mandos_context *mc,

318

const char *pubkeyfilename,

319

const char *seckeyfilename){

250

320

int ret;

251

321

252

322

if(debug){

253

323

fprintf(stderr, "Initializing GnuTLS\n");

254

324

}

255

325

256

if ((ret = gnutls_global_init ())

257

!= GNUTLS_E_SUCCESS) {

258

fprintf (stderr, "global_init: %s\n", safer_gnutls_strerror(ret));

326

ret = gnutls_global_init();

327

if (ret != GNUTLS_E_SUCCESS) {

328

fprintf (stderr, "GnuTLS global_init: %s\n",

329

safer_gnutls_strerror(ret));

259

330

return -1;

260

331

}

261

332

262

333

if (debug){

334

/* "Use a log level over 10 to enable all debugging options."

335

* - GnuTLS manual

336

263

337

gnutls_global_set_log_level(11);

264

338

gnutls_global_set_log_function(debuggnutls);

265

339

}

266

340

267

/* openpgp credentials */

268

if ((ret = gnutls_certificate_allocate_credentials (&es->cred))

269

!= GNUTLS_E_SUCCESS) {

270

fprintf (stderr, "memory error: %s\n",

341

/* OpenPGP credentials */

342

gnutls_certificate_allocate_credentials(&mc->cred);

343

if (ret != GNUTLS_E_SUCCESS){

344

fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious

345

warning */

271

346

safer_gnutls_strerror(ret));

347

gnutls_global_deinit ();

272

348

return -1;

273

349

}

274

350

275

351

if(debug){

276

352

fprintf(stderr, "Attempting to use OpenPGP certificate %s"

277

" and keyfile %s as GnuTLS credentials\n", CERTFILE,

278

KEYFILE);

353

" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,

354

seckeyfilename);

279

355

}

280

356

281

357

ret = gnutls_certificate_set_openpgp_key_file

282

(es->cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64);

358

(mc->cred, pubkeyfilename, seckeyfilename,

359

GNUTLS_OPENPGP_FMT_BASE64);

283

360

if (ret != GNUTLS_E_SUCCESS) {

284

fprintf

285

(stderr, "Error[%d] while reading the OpenPGP key pair ('%s',"

286

" '%s')\n",

287

ret, CERTFILE, KEYFILE);

288

fprintf(stdout, "The Error is: %s\n",

361

fprintf(stderr,

362

"Error[%d] while reading the OpenPGP key pair ('%s',"

363

" '%s')\n", ret, pubkeyfilename, seckeyfilename);

364

fprintf(stdout, "The GnuTLS error is: %s\n",

289

365

safer_gnutls_strerror(ret));

290

return -1;

291

}

292

293

//GnuTLS server initialization

294

if ((ret = gnutls_dh_params_init (&es->dh_params))

295

!= GNUTLS_E_SUCCESS) {

296

fprintf (stderr, "Error in dh parameter initialization: %s\n",

297

safer_gnutls_strerror(ret));

298

return -1;

299

}

300

301

if ((ret = gnutls_dh_params_generate2 (es->dh_params, DH_BITS))

302

!= GNUTLS_E_SUCCESS) {

303

fprintf (stderr, "Error in prime generation: %s\n",

304

safer_gnutls_strerror(ret));

305

return -1;

306

}

307

308

gnutls_certificate_set_dh_params (es->cred, es->dh_params);

309

310

// GnuTLS session creation

311

if ((ret = gnutls_init (&es->session, GNUTLS_SERVER))

312

!= GNUTLS_E_SUCCESS){

366

goto globalfail;

367

}

368

369

/* GnuTLS server initialization */

370

ret = gnutls_dh_params_init(&mc->dh_params);

371

if (ret != GNUTLS_E_SUCCESS) {

372

fprintf (stderr, "Error in GnuTLS DH parameter initialization:"

373

" %s\n", safer_gnutls_strerror(ret));

374

goto globalfail;

375

}

376

ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);

377

if (ret != GNUTLS_E_SUCCESS) {

378

fprintf (stderr, "Error in GnuTLS prime generation: %s\n",

379

safer_gnutls_strerror(ret));

380

goto globalfail;

381

}

382

383

gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);

384

385

return 0;

386

387

globalfail:

388

389

gnutls_certificate_free_credentials(mc->cred);

390

gnutls_global_deinit();

391

return -1;

392

393

}

394

395

static int init_gnutls_session(mandos_context *mc,

396

gnutls_session_t *session){

397

int ret;

398

/* GnuTLS session creation */

399

ret = gnutls_init(session, GNUTLS_SERVER);

400

if (ret != GNUTLS_E_SUCCESS){

313

401

fprintf(stderr, "Error in GnuTLS session initialization: %s\n",

314

402

safer_gnutls_strerror(ret));

315

403

}

316

404

317

if ((ret = gnutls_priority_set_direct (es->session, "NORMAL", &err))

318

!= GNUTLS_E_SUCCESS) {

319

fprintf(stderr, "Syntax error at: %s\n", err);

320

fprintf(stderr, "GnuTLS error: %s\n",

321

safer_gnutls_strerror(ret));

322

return -1;

405

{

406

const char *err;

407

ret = gnutls_priority_set_direct(*session, mc->priority, &err);

408

if (ret != GNUTLS_E_SUCCESS) {

409

fprintf(stderr, "Syntax error at: %s\n", err);

410

fprintf(stderr, "GnuTLS error: %s\n",

411

safer_gnutls_strerror(ret));

412

gnutls_deinit (*session);

413

return -1;

414

}

323

415

}

324

416

325

if ((ret = gnutls_credentials_set

326

(es->session, GNUTLS_CRD_CERTIFICATE, es->cred))

327

!= GNUTLS_E_SUCCESS) {

328

fprintf(stderr, "Error setting a credentials set: %s\n",

417

ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,

418

mc->cred);

419

if (ret != GNUTLS_E_SUCCESS) {

420

fprintf(stderr, "Error setting GnuTLS credentials: %s\n",

329

421

safer_gnutls_strerror(ret));

422

gnutls_deinit (*session);

330

423

return -1;

331

424

}

332

425

333

426

/* ignore client certificate if any. */

334

gnutls_certificate_server_set_request (es->session,

427

gnutls_certificate_server_set_request (*session,

335

428

GNUTLS_CERT_IGNORE);

336

429

337

gnutls_dh_set_prime_bits (es->session, DH_BITS);

430

gnutls_dh_set_prime_bits (*session, mc->dh_bits);

338

431

339

432

return 0;

340

433

}

341

434

342

void empty_log(__attribute__((unused)) AvahiLogLevel level,

343

__attribute__((unused)) const char *txt){}

435

/* Avahi log function callback */

436

static void empty_log(__attribute__((unused)) AvahiLogLevel level,

437

__attribute__((unused)) const char *txt){}

344

438

345

int start_mandos_communication(const char *ip, uint16_t port,

346

unsigned int if_index){

439

/* Called when a Mandos server is found */

440

static int start_mandos_communication(const char *ip, uint16_t port,

441

AvahiIfIndex if_index,

442

mandos_context *mc){

347

443

int ret, tcp_sd;

348

struct sockaddr_in6 to;

349

encrypted_session es;

444

union { struct sockaddr in; struct sockaddr_in6 in6; } to;

350

445

char *buffer = NULL;

351

446

char *decrypted_buffer;

352

447

size_t buffer_length = 0;

353

448

size_t buffer_capacity = 0;

354

449

ssize_t decrypted_buffer_size;

355

size_t written = 0;

450

size_t written;

356

451

int retval = 0;

357

452

char interface[IF_NAMESIZE];

453

gnutls_session_t session;

454

455

ret = init_gnutls_session (mc, &session);

456

if (ret != 0){

457

return -1;

458

}

358

459

359

460

if(debug){

360

fprintf(stderr, "Setting up a tcp connection to %s, port %d\n",

361

ip, port);

461

fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16

462

"\n", ip, port);

362

463

}

363

464

364

465

tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);

366

467

perror("socket");

367

468

return -1;

368

469

}

369

370

if(if_indextoname(if_index, interface) == NULL){

371

if(debug){

470

471

if(debug){

472

if(if_indextoname((unsigned int)if_index, interface) == NULL){

372

473

perror("if_indextoname");

474

return -1;

373

475

}

374

return -1;

375

}

376

377

if(debug){

378

476

fprintf(stderr, "Binding to interface %s\n", interface);

379

477

}

380

478

381

memset(&to,0,sizeof(to)); /* Spurious warning */

382

to.sin6_family = AF_INET6;

383

ret = inet_pton(AF_INET6, ip, &to.sin6_addr);

479

memset(&to, 0, sizeof(to));

480

to.in6.sin6_family = AF_INET6;

481

/* It would be nice to have a way to detect if we were passed an

482

IPv4 address here. Now we assume an IPv6 address. */

483

ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);

384

484

if (ret < 0 ){

385

485

perror("inet_pton");

386

486

return -1;

387

}

487

}

388

488

if(ret == 0){

389

489

fprintf(stderr, "Bad address: %s\n", ip);

390

490

return -1;

391

491

}

392

to.sin6_port = htons(port); /* Spurious warning */

492

to.in6.sin6_port = htons(port); /* Spurious warning */

393

493

394

to.sin6_scope_id = (uint32_t)if_index;

494

to.in6.sin6_scope_id = (uint32_t)if_index;

395

495

396

496

if(debug){

397

fprintf(stderr, "Connection to: %s, port %d\n", ip, port);

398

/* char addrstr[INET6_ADDRSTRLEN]; */

399

/* if(inet_ntop(to.sin6_family, &(to.sin6_addr), addrstr, */

400

/* sizeof(addrstr)) == NULL){ */

401

/* perror("inet_ntop"); */

402

/* } else { */

403

/* fprintf(stderr, "Really connecting to: %s, port %d\n", */

404

/* addrstr, ntohs(to.sin6_port)); */

405

/* } */

497

fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,

498

port);

499

char addrstr[INET6_ADDRSTRLEN] = "";

500

if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,

501

sizeof(addrstr)) == NULL){

502

perror("inet_ntop");

503

} else {

504

if(strcmp(addrstr, ip) != 0){

505

fprintf(stderr, "Canonical address form: %s\n", addrstr);

506

}

507

}

406

508

}

407

509

408

ret = connect(tcp_sd, (struct sockaddr *) &to, sizeof(to));

510

ret = connect(tcp_sd, &to.in, sizeof(to));

409

511

if (ret < 0){

410

512

perror("connect");

411

513

return -1;

412

514

}

413

414

ret = initgnutls (&es);

415

if (ret != 0){

416

retval = -1;

417

return -1;

515

516

const char *out = mandos_protocol_version;

517

written = 0;

518

while (true){

519

size_t out_size = strlen(out);

520

ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,

521

out_size - written));

522

if (ret == -1){

523

perror("write");

524

retval = -1;

525

goto mandos_end;

526

}

527

written += (size_t)ret;

528

if(written < out_size){

529

continue;

530

} else {

531

if (out == mandos_protocol_version){

532

written = 0;

533

out = "\r\n";

534

} else {

535

break;

536

}

537

}

418

538

}

419

420

gnutls_transport_set_ptr (es.session,

421

(gnutls_transport_ptr_t) tcp_sd);

422

539

423

540

if(debug){

424

541

fprintf(stderr, "Establishing TLS session with %s\n", ip);

425

542

}

426

543

427

ret = gnutls_handshake (es.session);

544

gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);

545

546

do{

547

ret = gnutls_handshake (session);

548

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

428

549

429

550

if (ret != GNUTLS_E_SUCCESS){

430

551

if(debug){

431

fprintf(stderr, "\n*** Handshake failed ***\n");

552

fprintf(stderr, "*** GnuTLS Handshake failed ***\n");

432

553

gnutls_perror (ret);

433

554

}

434

555

retval = -1;

435

goto exit;

556

goto mandos_end;

436

557

}

437

558

438

//Retrieve OpenPGP packet that contains the wanted password

559

/* Read OpenPGP packet that contains the wanted password */

439

560

440

561

if(debug){

441

562

fprintf(stderr, "Retrieving pgp encrypted password from %s\n",

443

564

}

444

565

445

566

while(true){

446

if (buffer_length + BUFFER_SIZE > buffer_capacity){

447

buffer = realloc(buffer, buffer_capacity + BUFFER_SIZE);

448

if (buffer == NULL){

449

perror("realloc");

450

goto exit;

451

}

452

buffer_capacity += BUFFER_SIZE;

567

buffer_capacity = adjustbuffer(&buffer, buffer_length,

568

buffer_capacity);

569

if (buffer_capacity == 0){

570

perror("adjustbuffer");

571

retval = -1;

572

goto mandos_end;

453

573

}

454

574

455

ret = gnutls_record_recv

456

(es.session, buffer+buffer_length, BUFFER_SIZE);

575

ret = gnutls_record_recv(session, buffer+buffer_length,

576

BUFFER_SIZE);

457

577

if (ret == 0){

458

578

break;

459

579

}

463

583

case GNUTLS_E_AGAIN:

464

584

break;

465

585

case GNUTLS_E_REHANDSHAKE:

466

ret = gnutls_handshake (es.session);

586

do{

587

ret = gnutls_handshake (session);

588

} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);

467

589

if (ret < 0){

468

fprintf(stderr, "\n*** Handshake failed ***\n");

590

fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");

469

591

gnutls_perror (ret);

470

592

retval = -1;

471

goto exit;

593

goto mandos_end;

472

594

}

473

595

break;

474

596

default:

475

597

fprintf(stderr, "Unknown error while reading data from"

476

" encrypted session with mandos server\n");

598

" encrypted session with Mandos server\n");

477

599

retval = -1;

478

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

479

goto exit;

600

gnutls_bye (session, GNUTLS_SHUT_RDWR);

601

goto mandos_end;

480

602

}

481

603

} else {

482

604

buffer_length += (size_t) ret;

483

605

}

484

606

}

485

607

608

if(debug){

609

fprintf(stderr, "Closing TLS session\n");

610

}

611

612

gnutls_bye (session, GNUTLS_SHUT_RDWR);

613

486

614

if (buffer_length > 0){

487

615

decrypted_buffer_size = pgp_packet_decrypt(buffer,

488

616

buffer_length,

489

617

&decrypted_buffer,

490

CERT_ROOT);

618

keydir);

491

619

if (decrypted_buffer_size >= 0){

620

written = 0;

492

621

while(written < (size_t) decrypted_buffer_size){

493

622

ret = (int)fwrite (decrypted_buffer + written, 1,

494

623

(size_t)decrypted_buffer_size - written,

507

636

} else {

508

637

retval = -1;

509

638

}

510

}

511

512

//shutdown procedure

513

514

if(debug){

515

fprintf(stderr, "Closing TLS session\n");

516

}

517

639

} else {

640

retval = -1;

641

}

642

643

/* Shutdown procedure */

644

645

mandos_end:

518

646

free(buffer);

519

gnutls_bye (es.session, GNUTLS_SHUT_RDWR);

520

exit:

521

647

close(tcp_sd);

522

gnutls_deinit (es.session);

523

gnutls_certificate_free_credentials (es.cred);

524

gnutls_global_deinit ();

648

gnutls_deinit (session);

525

649

return retval;

526

650

}

527

651

528

static AvahiSimplePoll *simple_poll = NULL;

529

static AvahiServer *server = NULL;

530

531

static void resolve_callback(

532

AvahiSServiceResolver *r,

533

AvahiIfIndex interface,

534

AVAHI_GCC_UNUSED AvahiProtocol protocol,

535

AvahiResolverEvent event,

536

const char *name,

537

const char *type,

538

const char *domain,

539

const char *host_name,

540

const AvahiAddress *address,

541

uint16_t port,

542

AVAHI_GCC_UNUSED AvahiStringList *txt,

543

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

544

AVAHI_GCC_UNUSED void* userdata) {

545

546

assert(r); /* Spurious warning */

652

static void resolve_callback(AvahiSServiceResolver *r,

653

AvahiIfIndex interface,

654

AVAHI_GCC_UNUSED AvahiProtocol protocol,

655

AvahiResolverEvent event,

656

const char *name,

657

const char *type,

658

const char *domain,

659

const char *host_name,

660

const AvahiAddress *address,

661

uint16_t port,

662

AVAHI_GCC_UNUSED AvahiStringList *txt,

663

AVAHI_GCC_UNUSED AvahiLookupResultFlags

664

flags,

665

void* userdata) {

666

mandos_context *mc = userdata;

667

assert(r);

547

668

548

669

/* Called whenever a service has been resolved successfully or

549

670

timed out */

551

672

switch (event) {

552

673

default:

553

674

case AVAHI_RESOLVER_FAILURE:

554

fprintf(stderr, "(Resolver) Failed to resolve service '%s' of"

555

" type '%s' in domain '%s': %s\n", name, type, domain,

556

avahi_strerror(avahi_server_errno(server)));

675

fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"

676

" of type '%s' in domain '%s': %s\n", name, type, domain,

677

avahi_strerror(avahi_server_errno(mc->server)));

557

678

break;

558

679

559

680

case AVAHI_RESOLVER_FOUND:

561

682

char ip[AVAHI_ADDRESS_STR_MAX];

562

683

avahi_address_snprint(ip, sizeof(ip), address);

563

684

if(debug){

564

fprintf(stderr, "Mandos server \"%s\" found on %s (%s) on"

565

" port %d\n", name, host_name, ip, port);

685

fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"

686

PRIu16 ") on port %d\n", name, host_name, ip,

687

interface, port);

566

688

}

567

int ret = start_mandos_communication(ip, port,

568

(unsigned int) interface);

689

int ret = start_mandos_communication(ip, port, interface, mc);

569

690

if (ret == 0){

570

exit(EXIT_SUCCESS);

691

avahi_simple_poll_quit(mc->simple_poll);

571

692

}

572

693

}

573

694

}

574

695

avahi_s_service_resolver_free(r);

575

696

}

576

697

577

static void browse_callback(

578

AvahiSServiceBrowser *b,

579

AvahiIfIndex interface,

580

AvahiProtocol protocol,

581

AvahiBrowserEvent event,

582

const char *name,

583

const char *type,

584

const char *domain,

585

AVAHI_GCC_UNUSED AvahiLookupResultFlags flags,

586

void* userdata) {

587

588

AvahiServer *s = userdata;

589

assert(b); /* Spurious warning */

590

591

/* Called whenever a new services becomes available on the LAN or

592

is removed from the LAN */

593

594

switch (event) {

595

default:

596

case AVAHI_BROWSER_FAILURE:

597

598

fprintf(stderr, "(Browser) %s\n",

599

avahi_strerror(avahi_server_errno(server)));

600

avahi_simple_poll_quit(simple_poll);

601

return;

602

603

case AVAHI_BROWSER_NEW:

604

/* We ignore the returned resolver object. In the callback

605

function we free it. If the server is terminated before

606

the callback function is called the server will free

607

the resolver for us. */

608

609

if (!(avahi_s_service_resolver_new(s, interface, protocol, name,

610

type, domain,

611

AVAHI_PROTO_INET6, 0,

612

resolve_callback, s)))

613

fprintf(stderr, "Failed to resolve service '%s': %s\n", name,

614

avahi_strerror(avahi_server_errno(s)));

615

break;

616

617

case AVAHI_BROWSER_REMOVE:

618

break;

619

620

case AVAHI_BROWSER_ALL_FOR_NOW:

621

case AVAHI_BROWSER_CACHE_EXHAUSTED:

622

break;

698

static void browse_callback( AvahiSServiceBrowser *b,

699

AvahiIfIndex interface,

700

AvahiProtocol protocol,

701

AvahiBrowserEvent event,

702

const char *name,

703

const char *type,

704

const char *domain,

705

AVAHI_GCC_UNUSED AvahiLookupResultFlags

706

flags,

707

void* userdata) {

708

mandos_context *mc = userdata;

709

assert(b);

710

711

/* Called whenever a new services becomes available on the LAN or

712

is removed from the LAN */

713

714

switch (event) {

715

default:

716

case AVAHI_BROWSER_FAILURE:

717

718

fprintf(stderr, "(Avahi browser) %s\n",

719

avahi_strerror(avahi_server_errno(mc->server)));

720

avahi_simple_poll_quit(mc->simple_poll);

721

return;

722

723

case AVAHI_BROWSER_NEW:

724

/* We ignore the returned Avahi resolver object. In the callback

725

function we free it. If the Avahi server is terminated before

726

the callback function is called the Avahi server will free the

727

resolver for us. */

728

729

if (!(avahi_s_service_resolver_new(mc->server, interface,

730

protocol, name, type, domain,

731

AVAHI_PROTO_INET6, 0,

732

resolve_callback, mc)))

733

fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",

734

name, avahi_strerror(avahi_server_errno(mc->server)));

735

break;

736

737

case AVAHI_BROWSER_REMOVE:

738

break;

739

740

case AVAHI_BROWSER_ALL_FOR_NOW:

741

case AVAHI_BROWSER_CACHE_EXHAUSTED:

742

if(debug){

743

fprintf(stderr, "No Mandos server found, still searching...\n");

623

744

}

624

}

625

626

int main(AVAHI_GCC_UNUSED int argc, AVAHI_GCC_UNUSED char*argv[]) {

627

AvahiServerConfig config;

745

break;

746

}

747

}

748

749

/* Combines file name and path and returns the malloced new

750

string. some sane checks could/should be added */

751

static char *combinepath(const char *first, const char *second){

752

char *tmp;

753

int ret = asprintf(&tmp, "%s/%s", first, second);

754

if(ret < 0){

755

return NULL;

756

}

757

return tmp;

758

}

759

760

761

int main(int argc, char *argv[]){

628

762

AvahiSServiceBrowser *sb = NULL;

629

763

int error;

630

764

int ret;

631

int returncode = EXIT_SUCCESS;

765

int exitcode = EXIT_SUCCESS;

632

766

const char *interface = "eth0";

633

unsigned int if_index;

767

struct ifreq network;

768

int sd;

769

uid_t uid;

770

gid_t gid;

634

771

char *connect_to = NULL;

635

636

while (true){

637

static struct option long_options[] = {

638

{"debug", no_argument, (int *)&debug, 1},

639

{"connect", required_argument, 0, 'c'},

640

{"interface", required_argument, 0, 'i'},

641

{0, 0, 0, 0} };

642

643

int option_index = 0;

644

ret = getopt_long (argc, argv, "i:", long_options,

645

&option_index);

646

647

if (ret == -1){

648

break;

649

}

650

651

switch(ret){

652

case 0:

653

break;

654

case 'i':

655

interface = optarg;

656

break;

657

case 'c':

658

connect_to = optarg;

659

break;

660

default:

661

exit(EXIT_FAILURE);

662

}

663

}

664

665

if_index = if_nametoindex(interface);

772

AvahiIfIndex if_index = AVAHI_IF_UNSPEC;

773

char *pubkeyfilename = NULL;

774

char *seckeyfilename = NULL;

775

const char *pubkeyname = "pubkey.txt";

776

const char *seckeyname = "seckey.txt";

777

mandos_context mc = { .simple_poll = NULL, .server = NULL,

778

.dh_bits = 1024, .priority = "SECURE256"};

779

bool gnutls_initalized = false;

780

781

{

782

struct argp_option options[] = {

783

{ .name = "debug", .key = 128,

784

.doc = "Debug mode", .group = 3 },

785

{ .name = "connect", .key = 'c',

786

.arg = "IP",

787

.doc = "Connect directly to a sepcified mandos server",

788

.group = 1 },

789

{ .name = "interface", .key = 'i',

790

.arg = "INTERFACE",

791

.doc = "Interface that Avahi will conntect through",

792

.group = 1 },

793

{ .name = "keydir", .key = 'd',

794

.arg = "KEYDIR",

795

.doc = "Directory where the openpgp keyring is",

796

.group = 1 },

797

{ .name = "seckey", .key = 's',

798

.arg = "SECKEY",

799

.doc = "Secret openpgp key for gnutls authentication",

800

.group = 1 },

801

{ .name = "pubkey", .key = 'p',

802

.arg = "PUBKEY",

803

.doc = "Public openpgp key for gnutls authentication",

804

.group = 2 },

805

{ .name = "dh-bits", .key = 129,

806

.arg = "BITS",

807

.doc = "dh-bits to use in gnutls communication",

808

.group = 2 },

809

{ .name = "priority", .key = 130,

810

.arg = "PRIORITY",

811

.doc = "GNUTLS priority", .group = 1 },

812

{ .name = NULL }

813

};

814

815

816

error_t parse_opt (int key, char *arg,

817

struct argp_state *state) {

818

/* Get the INPUT argument from `argp_parse', which we know is

819

a pointer to our plugin list pointer. */

820

switch (key) {

821

case 128:

822

debug = true;

823

break;

824

case 'c':

825

connect_to = arg;

826

break;

827

case 'i':

828

interface = arg;

829

break;

830

case 'd':

831

keydir = arg;

832

break;

833

case 's':

834

seckeyname = arg;

835

break;

836

case 'p':

837

pubkeyname = arg;

838

break;

839

case 129:

840

errno = 0;

841

mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);

842

if (errno){

843

perror("strtol");

844

exit(EXIT_FAILURE);

845

}

846

break;

847

case 130:

848

mc.priority = arg;

849

break;

850

case ARGP_KEY_ARG:

851

argp_usage (state);

852

case ARGP_KEY_END:

853

break;

854

default:

855

return ARGP_ERR_UNKNOWN;

856

}

857

return 0;

858

}

859

860

struct argp argp = { .options = options, .parser = parse_opt,

861

.args_doc = "",

862

.doc = "Mandos client -- Get and decrypt"

863

" passwords from mandos server" };

864

ret = argp_parse (&argp, argc, argv, 0, 0, NULL);

865

if (ret == ARGP_ERR_UNKNOWN){

866

fprintf(stderr, "Unknown error while parsing arguments\n");

867

exitcode = EXIT_FAILURE;

868

goto end;

869

}

870

}

871

872

pubkeyfilename = combinepath(keydir, pubkeyname);

873

if (pubkeyfilename == NULL){

874

perror("combinepath");

875

exitcode = EXIT_FAILURE;

876

goto end;

877

}

878

879

seckeyfilename = combinepath(keydir, seckeyname);

880

if (seckeyfilename == NULL){

881

perror("combinepath");

882

exitcode = EXIT_FAILURE;

883

goto end;

884

}

885

886

ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);

887

if (ret == -1){

888

fprintf(stderr, "init_gnutls_global failed\n");

889

exitcode = EXIT_FAILURE;

890

goto end;

891

} else {

892

gnutls_initalized = true;

893

}

894

895

/* If the interface is down, bring it up */

896

{

897

sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

898

if(sd < 0) {

899

perror("socket");

900

exitcode = EXIT_FAILURE;

901

goto end;

902

}

903

strcpy(network.ifr_name, interface);

904

ret = ioctl(sd, SIOCGIFFLAGS, &network);

905

if(ret == -1){

906

perror("ioctl SIOCGIFFLAGS");

907

exitcode = EXIT_FAILURE;

908

goto end;

909

}

910

if((network.ifr_flags & IFF_UP) == 0){

911

network.ifr_flags |= IFF_UP;

912

ret = ioctl(sd, SIOCSIFFLAGS, &network);

913

if(ret == -1){

914

perror("ioctl SIOCSIFFLAGS");

915

exitcode = EXIT_FAILURE;

916

goto end;

917

}

918

}

919

close(sd);

920

}

921

922

uid = getuid();

923

gid = getgid();

924

925

ret = setuid(uid);

926

if (ret == -1){

927

perror("setuid");

928

}

929

930

setgid(gid);

931

if (ret == -1){

932

perror("setgid");

933

}

934

935

if_index = (AvahiIfIndex) if_nametoindex(interface);

666

936

if(if_index == 0){

667

937

fprintf(stderr, "No such interface: \"%s\"\n", interface);

668

938

exit(EXIT_FAILURE);

674

944

char *address = strrchr(connect_to, ':');

675

945

if(address == NULL){

676

946

fprintf(stderr, "No colon in address\n");

677

exit(EXIT_FAILURE);

947

exitcode = EXIT_FAILURE;

948

goto end;

678

949

}

679

950

errno = 0;

680

951

uint16_t port = (uint16_t) strtol(address+1, NULL, 10);

681

952

if(errno){

682

953

perror("Bad port number");

683

exit(EXIT_FAILURE);

954

exitcode = EXIT_FAILURE;

955

goto end;

684

956

}

685

957

*address = '\0';

686

958

address = connect_to;

687

ret = start_mandos_communication(address, port, if_index);

959

ret = start_mandos_communication(address, port, if_index, &mc);

688

960

if(ret < 0){

689

exit(EXIT_FAILURE);

961

exitcode = EXIT_FAILURE;

690

962

} else {

691

exit(EXIT_SUCCESS);

963

exitcode = EXIT_SUCCESS;

692

964

}

965

goto end;

693

966

}

694

967

695

968

if (not debug){

696

969

avahi_set_log_function(empty_log);

697

970

}

698

971

699

/* Initialize the psuedo-RNG */

972

/* Initialize the pseudo-RNG for Avahi */

700

973

srand((unsigned int) time(NULL));

701

702

/* Allocate main loop object */

703

if (!(simple_poll = avahi_simple_poll_new())) {

704

fprintf(stderr, "Failed to create simple poll object.\n");

705

706

goto exit;

707

}

708

709

/* Do not publish any local records */

710

avahi_server_config_init(&config);

711

config.publish_hinfo = 0;

712

config.publish_addresses = 0;

713

config.publish_workstation = 0;

714

config.publish_domain = 0;

715

716

/* Allocate a new server */

717

server = avahi_server_new(avahi_simple_poll_get(simple_poll),

718

&config, NULL, NULL, &error);

719

720

/* Free the configuration data */

721

avahi_server_config_free(&config);

722

723

/* Check if creating the server object succeeded */

724

if (!server) {

725

fprintf(stderr, "Failed to create server: %s\n",

974

975

/* Allocate main Avahi loop object */

976

mc.simple_poll = avahi_simple_poll_new();

977

if (mc.simple_poll == NULL) {

978

fprintf(stderr, "Avahi: Failed to create simple poll"

979

" object.\n");

980

exitcode = EXIT_FAILURE;

981

goto end;

982

}

983

984

{

985

AvahiServerConfig config;

986

/* Do not publish any local Zeroconf records */

987

avahi_server_config_init(&config);

988

config.publish_hinfo = 0;

989

config.publish_addresses = 0;

990

config.publish_workstation = 0;

991

config.publish_domain = 0;

992

993

/* Allocate a new server */

994

mc.server = avahi_server_new(avahi_simple_poll_get

995

(mc.simple_poll), &config, NULL,

996

NULL, &error);

997

998

/* Free the Avahi configuration data */

999

avahi_server_config_free(&config);

1000

}

1001

1002

/* Check if creating the Avahi server object succeeded */

1003

if (mc.server == NULL) {

1004

fprintf(stderr, "Failed to create Avahi server: %s\n",

726

1005

avahi_strerror(error));

727

returncode = EXIT_FAILURE;

728

goto exit;

1006

exitcode = EXIT_FAILURE;

1007

goto end;

729

1008

}

730

1009

731

/* Create the service browser */

732

sb = avahi_s_service_browser_new(server, (AvahiIfIndex)if_index,

1010

/* Create the Avahi service browser */

1011

sb = avahi_s_service_browser_new(mc.server, if_index,

733

1012

AVAHI_PROTO_INET6,

734

1013

"_mandos._tcp", NULL, 0,

735

browse_callback, server);

736

if (!sb) {

1014

browse_callback, &mc);

1015

if (sb == NULL) {

737

1016

fprintf(stderr, "Failed to create service browser: %s\n",

738

avahi_strerror(avahi_server_errno(server)));

739

returncode = EXIT_FAILURE;

740

goto exit;

1017

avahi_strerror(avahi_server_errno(mc.server)));

1018

exitcode = EXIT_FAILURE;

1019

goto end;

741

1020

}

742

1021

743

1022

/* Run the main loop */

744

1023

745

1024

if (debug){

746

fprintf(stderr, "Starting avahi loop search\n");

1025

fprintf(stderr, "Starting Avahi loop search\n");

747

1026

}

748

1027

749

avahi_simple_poll_loop(simple_poll);

1028

avahi_simple_poll_loop(mc.simple_poll);

750

1029

751

exit:

1030

end:

752

1031

753

1032

if (debug){

754

1033

fprintf(stderr, "%s exiting\n", argv[0]);

755

1034

}

756

1035

757

1036

/* Cleanup things */

758

if (sb)

1037

if (sb != NULL)

759

1038

avahi_s_service_browser_free(sb);

760

1039

761

if (server)

762

avahi_server_free(server);

763

764

if (simple_poll)

765

avahi_simple_poll_free(simple_poll);

766

767

return returncode;

1040

if (mc.server != NULL)

1041

avahi_server_free(mc.server);

1042

1043

if (mc.simple_poll != NULL)

1044

avahi_simple_poll_free(mc.simple_poll);

1045

free(pubkeyfilename);

1046

free(seckeyfilename);

1047

1048

if (gnutls_initalized){

1049

gnutls_certificate_free_credentials(mc.cred);

1050

gnutls_global_deinit ();

1051

}

1052

1053

return exitcode;

768

1054

}

Older »